Map claims from SAML -> JWT
Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/3d7c1179 Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/3d7c1179 Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/3d7c1179 Branch: refs/heads/master Commit: 3d7c117936c43997fbb5342a23cce5f22d31d61e Parents: b3887f4 Author: Colm O hEigeartaigh <[email protected]> Authored: Wed Nov 18 16:39:08 2015 +0000 Committer: Colm O hEigeartaigh <[email protected]> Committed: Wed Nov 18 16:39:08 2015 +0000 ---------------------------------------------------------------------- .../service/oidc/LocalSamlTokenConverter.java | 65 ++++++++++++++++++-- .../fediz/service/oidc/OAuthDataManager.java | 3 +- .../fediz/service/oidc/SamlTokenConverter.java | 6 +- 3 files changed, 67 insertions(+), 7 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/3d7c1179/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/LocalSamlTokenConverter.java ----------------------------------------------------------------------
diff --git a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/LocalSamlTokenConverter.java b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/LocalSamlTokenConverter.java
index 3f9443d..94b094b 100644
--- a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/LocalSamlTokenConverter.java
+++ b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/LocalSamlTokenConverter.java
@@ -18,21 +18,78 @@
 */
 package org.apache.cxf.fediz.service.oidc;
-import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.apache.cxf.fediz.core.Claim;
+import org.apache.cxf.fediz.core.ClaimCollection;
+import org.apache.cxf.fediz.core.ClaimTypes;
+import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
 import org.apache.cxf.rs.security.oidc.common.IdToken;
+import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.common.saml.SamlAssertionWrapper;
 public class LocalSamlTokenConverter implements SamlTokenConverter {
 @Override
- public IdToken convertToIdToken(Document samlDoc, String subjectName, String clientId) {
+ public IdToken convertToIdToken(Element samlToken,
+ String subjectName,
+ ClaimCollection claims,
+ String clientId) {
 IdToken idToken = new IdToken();
 idToken.setSubject(subjectName);
 idToken.setAudience(clientId);
 idToken.setIssuer("accounts.fediz.com");
- idToken.setIssuedAt(System.currentTimeMillis() / 1000);
- idToken.setExpiryTime(System.currentTimeMillis() / 1000 + 60000);
+
+ long currentTimeInSeconds = System.currentTimeMillis() / 1000L;
+ idToken.setIssuedAt(currentTimeInSeconds);
+ idToken.setExpiryTime(currentTimeInSeconds + 60000L);
+
+ // Set the authInstant
+ try {
+ SamlAssertionWrapper wrapper = new SamlAssertionWrapper(samlToken);
+
+ if (wrapper.getSaml2() != null && !wrapper.getSaml2().getAuthnStatements().isEmpty()) {
+ long authInstant =
+ wrapper.getSaml2().getAuthnStatements().get(0).getAuthnInstant().getMillis();
+ idToken.setAuthenticationTime(authInstant / 1000L);
+ }
+ } catch (WSSecurityException ex) {
+ throw new OAuthServiceException("Error converting SAML token", ex);
+ }
+
+ // Map claims
+ if (claims != null) {
+ String firstName = null;
+ String lastName = null;
+ for (Claim c : claims) {
+ if (!(c.getValue() instanceof String)) {
+ continue;
+ }
+ if (ClaimTypes.FIRSTNAME == c.getClaimType()) {
+ idToken.setGivenName((String)c.getValue());
+ firstName =
(String)c.getValue();
+ } else if (ClaimTypes.LASTNAME == c.getClaimType()) {
+ idToken.setFamilyName((String)c.getValue());
+ lastName = (String)c.getValue();
+ } else if (ClaimTypes.EMAILADDRESS == c.getClaimType()) {
+ idToken.setEmail((String)c.getValue());
+ } else if (ClaimTypes.DATEOFBIRTH == c.getClaimType()) {
+ idToken.setBirthDate((String)c.getValue());
+ } else if (ClaimTypes.HOMEPHONE == c.getClaimType()) {
+ idToken.setPhoneNumber((String)c.getValue());
+ } else if (ClaimTypes.GENDER == c.getClaimType()) {
+ idToken.setGender((String)c.getValue());
+ } else if (ClaimTypes.WEB_PAGE == c.getClaimType()) {
+ idToken.setWebsite((String)c.getValue());
+ }
+ }
+
+ if (firstName != null && lastName != null) {
+ idToken.setName(firstName + " " + lastName);
+ }
+ }
+
 return idToken;
 }
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/3d7c1179/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataManager.java ----------------------------------------------------------------------
diff --git a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataManager.java b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataManager.java
index ae7e538..5e3ff4f 100644
--- a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataManager.java
+++ b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataManager.java
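Review bot: `idToken.setExpiryTime(currentTimeInSeconds + 60000L)` gives every id_token a lifetime of 60000 seconds, about 16.7 hours, now that the clock on the line above is explicitly in seconds; the figure reads like a milliseconds value carried over from the old `/ 1000 + 60000` expression and is long for an ID token. If a minute was meant, name the constant with its unit, e.g. `private static final long ID_TOKEN_LIFETIME_SECS = 60L;` and `idToken.setExpiryTime(currentTimeInSeconds + ID_TOKEN_LIFETIME_SECS);`, and ideally make it configurable on the converter. In the authn-instant block nothing verifies the assertion's signature (the wrapper is only used to read the first AuthnStatement), so the method relies on `samlToken` having been validated before it reached the converter; a comment such as `// samlToken must already have been validated by the caller; only the authn instant is read here` would make that trust boundary explicit. `getAuthnInstant()` is also dereferenced without a null check, so a non-conforming assertion that omits it would surface as a NullPointerException rather than the OAuthServiceException the catch block produces for WSSecurityException; guarding the setter with `if (authnInstant != null)` on the DateTime would close that. The enclosing class continues past the hunk.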
@@ -98,8 +98,9 @@ public class OAuthDataManager extends AbstractCodeDataProvider {
 }
 protected String getJoseIdToken(FedizPrincipal principal, Client client) {
- IdToken idToken = tokenConverter.convertToIdToken(principal.getLoginToken().getOwnerDocument(),
+ IdToken idToken = tokenConverter.convertToIdToken(principal.getLoginToken(),
 principal.getName(),
+ principal.getClaims(),
 client.getClientId());
 JwsJwtCompactProducer p = new JwsJwtCompactProducer(idToken);
 return p.signWith(getJwsSignatureProvider(client));
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/3d7c1179/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/SamlTokenConverter.java ----------------------------------------------------------------------
diff --git a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/SamlTokenConverter.java b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/SamlTokenConverter.java
index 93cd672..1fbb087 100644
--- a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/SamlTokenConverter.java
+++ b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/SamlTokenConverter.java
@@ -18,12 +18,14 @@
 */
 package org.apache.cxf.fediz.service.oidc;
-import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.apache.cxf.fediz.core.ClaimCollection;
 import org.apache.cxf.rs.security.oidc.common.IdToken;
 public interface SamlTokenConverter {
- IdToken convertToIdToken(Document samlDoc,
+ IdToken convertToIdToken(Element samlToken,
 String subjectName,
+ ClaimCollection claims,
 String audience);
 }
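Review bot: The interface carries no Javadoc, and the new `claims` parameter and the existing `samlToken` both have contracts an implementer needs spelled out: whether `claims` may be null (LocalSamlTokenConverter skips the mapping when it is) and, more importantly, which side owns signature validation of `samlToken` before its contents are minted into a token that OAuthDataManager then signs. I'd add a Javadoc block on `convertToIdToken` saying that the token is expected to have been validated by the caller (the local converter only parses it), that `claims` may be null, and that `audience` becomes the `aud` claim; it runs to several lines, so I describe it rather than quote it. The last parameter is named `audience` here but `clientId` in LocalSamlTokenConverter, so aligning the two names would avoid confusion about what the value is. The interface's closing brace is the hunk's last line, so the declaration is complete here.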
